ldap load-balance

Michael Schwartzkopff ms at sys4.de
Thu Oct 6 15:18:24 UTC 2022


On 06.10.22 15:57, Elias Pereira wrote:
> hi,
>
> Thanks for the reply!!!
>
> I have a post-auth to direct the user to a specific vlan.
>
> It would look like this?
>
> redundant-load-balance {
>          ldap-dc3
>          ldap-dc4
>     }
>
>
> #  Auth-Type LDAP {
> #     ldap
> #  }
>
>     eap
>
> #  Auth-Type eap {
> #     eap {
> #        handled = 1
> #     }
> #     if (handled && (Response-Packet-Type == Access-Challenge)) {
> #        attr_filter.access_challenge.post-auth
> #        handled  # override the "updated" code from attr_filter
> #     }
> #  }
> }
>
> post-auth {
>     redundant-load-balance {
>          ldap-dc3
>          ldap-dc4
>     }
>     if (Ldap-Group == "CN=ADM,OU=GRUPOS,OU=CAMPUS,DC=company,DC=net") {
>                  update reply {
>                          &Tunnel-Type = VLAN
>                          &Tunnel-Medium-Type = IEEE-802
>                          &Tunnel-Private-Group-Id = "51"
>                  }
>          }
>
>     ...
>
>
> On Thu, Oct 6, 2022 at 10:48 AM Michael Schwartzkopff via Freeradius-Users <
> freeradius-users at lists.freeradius.org> wrote:
>
>> On 06.10.22 15:43, Elias Pereira wrote:
>>> hi,
>>>
>>> I was reading the load-balance article on the freeradius wiki and had
>> some
>>> doubts.
>>>
>>> I have two vms with sambaAD. In mod-enable > ldap I need to configure 2
>>> entries of the ldap block?
>>>
>>> eg:
>>> ldap1{
>>> ...
>>> }
>>>
>>> ldap2{
>>> ...
>>> }
>>>
>>> 2. Is the loadbalance setting done in the file sites-enable > default?
>>>
>> hi,
>>
>>
>> with the config above you configured the modules ldap1 and ldap2. You
>> have to tell your server, i.e. the default server, to use this modules
>> during authorization.
>>
>>
>> Add something like instead of the default "ldap" statement.
>>
>> redundant-load-balance {
>>       ldap1
>>       ldap2
>> }
>>
>>
>> Mit freundlichen Grüßen,
>>
>> --
>>
>> [*] sys4 AG
>>
>> https://sys4.de, +49 (89) 30 90 46 64
>> Schleißheimer Straße 26/MG,80333 München
>>
>> Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
>> Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
>> Aufsichtsratsvorsitzender: Florian Kirstein
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>

Hi,


I don't know about your setup and config. But it looks reasonable.

If it works, it works. Just test it and read the debug output. check if 
the logs make sense and give a reasonable result.


Mit freundlichen Grüßen,

-- 

[*] sys4 AG
  
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
  
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein



More information about the Freeradius-Users mailing list